CultureAndOrganization -> Process: Approval by reviewing any new version

Risk and Opportunity

Risk: An individual might forget to implement security measures to protect source code or infrastructure components.
Opportunity: On each new version (e.g. Pull Request) of source code or infrastructure components, a security peer review of the changes is performed (two eyes principle) and approval is given by the reviewer.

Usefulness and Requirements of this Activity

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

OWASP SAMM VERSION 2

ISO27001 2017